Summary
An anonymous researcher operating under the handle "bikini" published what they describe as working exploit code for zero-day flaws spanning 15 software products and open source projects, dropping the material in a now-deleted GitHub repository called exploitarium without warning any of the affected vendors or maintainers first. Two of the disclosed bugs — a pre-authentication remote code execution flaw in libssh2 (CVE-2026-55200) and a root-level container escape in Gitea's act_runner (CVE-2026-58053) — are reportedly already being exploited in the wild. The dump is another data point in a growing pattern of researchers abandoning coordinated disclosure and leaning on AI to find bugs at scale.
What was leaked
Bikini bundled proof-of-concept code and vulnerability write-ups covering a spread of well-known desktop tools, servers, and libraries — including libssh2, Splunk, RustDesk, 7-Zip, VLC, AnyDesk, OpenVPN, c-ares, Gitea, and Floci — and posted them publicly with no prior vendor notification. The researcher claimed none of the flaws had been reported to anyone, though these claims and the functionality of the code have not been independently confirmed by the reporting outlet.
Bikini framed the release as an open invitation rather than a targeted campaign. "Feel free to report them yourself and take credit for the CVE if handed out lulz," they wrote in a screenshot circulated on X by Ledger CTO Charles Guillemet, adding: "Please do not abuse these. I do this so to allure people into the field."
The approach echoes the recent output of "Nightmare Eclipse," a bug hunter who has spent the past couple of months publishing Microsoft exploits in defiance of Redmond's disclosure handling. Unlike Nightmare Eclipse, though, bikini does not appear to be nursing a grudge against a single vendor — the exploitarium dump sprays across many unrelated projects at once.
GitHub has since taken the repository down, but copies of the material are effectively impossible to erase from the internet, and it is reasonable to assume attackers are now scanning for vulnerable instances. Because bikini shipped PoCs alongside the write-ups, adversaries in many cases don't even need to invest time building a working exploit of their own.
An AI-fuzzing origin story
Several analysts, including Federal Signal's Ethan Andrews, suggested bikini leaned on advanced AI models — specifically GPT-5.5 Codex — to automate fuzzing and vulnerability discovery, feeding the wider narrative that AI-assisted bug hunting is about to flood defenders with new findings. Andrews noted that not everything in the repo held up to scrutiny: some of the disclosures "have been dismissed by the community as low-impact AI-fuzzing noise."
The two exceptions stood out. "The most technically significant findings — libssh2 pre-auth heap write and Gitea default Docker auth bypass — have been independently verified as high-risk with active exploitation observed," Andrews wrote.
CVE-2026-55200: libssh2 pre-auth heap write
CVE-2026-55200 is a critical, pre-authentication RCE bug in libssh2, the widely embedded C library implementing the client side of the SSH2 protocol. A remote attacker can send crafted SSH packets carrying oversized packet_length values to corrupt heap memory and ultimately run code on the target.
According to the exploitarium research notes and the GitHub Security Advisory GHSA-r8mh-x5qv-7gg2, the root cause is an unchecked SSH packet_length in one of libssh2's full-packet decryption paths inside the transport parser. libssh2 through 1.11.1 accepted an attacker-controlled packet length in that path without first enforcing the RFC-sized maximum, as captured by the VulnCheck advisory referenced in the GHSA.
The affected routine is:
src/transport.c:ssh2_transport_read()
The flawed size logic behaves roughly as follows: the code computes an allocation size from the decoded field and only rejects obviously tiny or overly large totals, without bounding the raw packet_length itself first.
total_num = 4
packet_length = decoded SSH packet_length field
reject only if packet_length < 1
total_num += packet_length + mac_len + auth_len
reject if total_num > 35000 or total_num == 0
allocate total_num bytes
Because the addition wraps around a 32-bit integer, a maximal packet_length can slip past the size check and produce a tiny allocation. With packet_length=0xffffffff, mac_len=0, and auth_len=16, the vulnerable C expression can yield an allocation of just 19 bytes:
packet_length + mac_len + auth_len == 15 modulo 2^32
4 + 15 == 19
The catch is that the original packet_length still holds 0xffffffff. Later stages of full-packet processing continue to derive sizes from that value — including a packet_length - 1 style length — long after the undersized buffer was already allocated, producing the out-of-bounds heap write.
Proof of concept
Bikini's libssh2 PoC directory describes its research status as an "arithmetic verifier, encrypted SSH trigger scaffold, and controlled local RCE harness verified," and ships the following artifacts:
poc/cve_2026_55200_probe.c— standalone C11 arithmetic verifier.poc/libpwn_cve_2026_55200_server.py— minimal malicious SSH server/trigger scaffold.poc/libpwn_local_rce_harness.c— controlled local vulnerable target modeling the wrapped allocation-to-control pattern.poc/libpwn_local_rce_exploit.py— local exploit driver that overwrites the harness callback and creates an RCE proof file.evidence/2026-06-23-local-harness-output.txt— earlier arithmetic verifier evidence.
Fix status
The upstream patch rejects packet_length greater than LIBSSH2_PACKET_MAXPAYLOAD before the addition ever happens, closing the wraparound. The fix landed in commit:
97acf3dfda80c91c3a8c9f2372546301d4a1a7a8
merged via libssh2 pull request #2052 into the mainline development branch. At the time of writing, maintainers were still preparing a tagged libssh2 release that includes the patch, so downstream consumers pinning to released versions remain exposed until that ships.
CVE-2026-58053: Gitea act_runner container escape
CVE-2026-58053 is a critical vulnerability in Gitea's act_runner when using the Docker backend. It stems from improper privilege controls and can be abused to achieve a root-level container escape. Andrews characterized it as a "default Docker auth bypass" that has been independently verified as high-risk with active exploitation observed. Beyond the Docker backend and privilege-control root cause, the source material does not detail the full exploitation chain.
It's worth drawing a clear line here to avoid a documented mix-up: the exploitarium Gitea flaw is CVE-2026-58053. A separate Gitea bug, CVE-2026-20896, was disclosed by @rz1027 and fixed in Gitea's coordinated 1.26.3 security release — it is not part of bikini's dump.
Detection and mitigation
In response to the leak, Andrews built 44 KQL detection rules covering the full exploitarium repo, with translations available for teams not running a KQL-based stack. The rules are published in the Ethan-Andrews/Exploitarium-Detections repository.
Practical priorities for defenders:
- libssh2: Track the release that carries commit
97acf3dfda80c91c3a8c9f2372546301d4a1a7a8and rebuild or repackage any software that statically links or bundles libssh2 (curl, libgit2, and numerous SSH-enabled tools all embed it). Until a tagged release is available, applying the mainline fix or the PR #2052 changes is the direct mitigation. - Gitea act_runner: Review act_runner configurations on the Docker backend and tighten container privilege options in line with Gitea's guidance, since the flaw enables a root-level escape from the runner container.
- Everything else in the dump: Given the AI-fuzzing provenance, treat unverified exploitarium entries with measured skepticism, but prioritize the two confirmed, actively exploited bugs immediately.